Description of Users and Acceptance of Terms
The Information We Collect
In the course of operating the Website and Platform and/or providing the Services, Physera will collect, store, use, transmit, and/or receive the following types of information. You authorize us to collect and/or receive such information.
Contact Information and Information Collected Through Registration
We collect contact information from Visitors of the Website; this information typically includes your name, email address, and any information you provide in messages or job applications to us.
When you sign up as a Provider through the Website, you will be required to provide us with personal information about yourself, such as, your name, e-mail address, phone number and gender.
If you are a User who would like to schedule a video chat consultation with a Provider, you will be required to provide us with personal information about yourself, such as your name and e-mail address. Providers and Users acknowledge and agree that we may record video-chat consultations for use by us and our business partners for training purposes.
If you are a User who would like to use the Physera App, you will need to download the Physera App by clicking on the personalized download link provided to you by Physera.
When you sign up to use the Platform as a User, you will also be asked to provide us with background health information that relates to your past, present, or future physical or mental health or condition, including but not limited to, the specific body part that is your primary concern, duration for which the issue is ongoing, and the treatments you have tried. You will also be asked to complete surveys and intake questionnaires, which require you to provide information relating to your pain, injury and behavior. All of this information is collectively referred to herein as “Health Information.”
If you are a Patient, you have particular rights and obligations with respect to your Health Information under HIPAA, outlined in further detail in the Notice of Privacy Practices below.
In order to provide certain features and functionality of the Platform, we may, with your consent, automatically collect geolocational information from your mobile device, your wireless carrier, or certain third-party service providers (“Geolocational Information”). Collection of such Geolocational Information occurs only when the Physera App is running on your mobile device. You may decline to allow us to collect such Geolocational Information, in which case Physera will not be able to provide certain features of the Physera App to you.
From Your Activity
Information that we automatically collect when you use the Platform, including, without limitation:
- IP addresses, browser type and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Website you visit, etc.;
- Information about a mobile device, including universally unique ID (“UUID”), Physera App type and version (e.g., iOS or Android), carrier and country location, hardware and processor information (storage, chip speed, camera resolution, NFC enabled, and network type (e.g. WiFi, 2G, 3G, 4G, LTE, 5G); and
- Activity and usage information occurring via the Platform, including tagging data, favorites, preferences, session lengths; and similar data.
Information that we collect using "cookie" technology. Cookies are small packets of data that a website stores on your computer’s or mobile device’s hard drive so that your computer will "remember" information about your visit. We use both first- and third-party session cookies and persistent cookies. Below is a general primer on session and persistent cookies; information collected by cookies depends on its particular purpose. For more information, please see the information regarding analytics providers discussed further below.
- Session Cookies: We use session cookies to make it easier for you to navigate our Platform. A session ID cookie expires when you close your browser.
- Persistent Cookies: A persistent cookie remains on your hard drive for an extended period of time or until you delete them. You can remove persistent cookies by following directions provided in your web browser’s “help” file. To the extent we provide a log-in portal or related feature on our Services, persistent cookies can be used to store your passwords so that you don’t have to enter it more than once. Persistent cookies also enable us to track and target the interests of our Visitors, Users and Providers to personalize the experience on our Platform.
In some cases, we may associate information that you have provided to us (e.g., email address) with the cookies that we use. In addition to facilitating the purposes described above, this is useful in understanding your engagement with other content related to our Services (e.g., email open rates, URL click-throughs).
If you do not want us to place a cookie on your hard drive, you may be able to turn that feature off on your computer or mobile device. Please consult your Internet browser’s documentation for information on how to do this and how to delete persistent cookies. However, if you decide not to accept cookies from us, the Platform may not function properly.
For more information on these third parties, including how to opt out from certain data collection, please visit the sites below. Please be advised that if you opt out of any service, you may not be able to use the full functionality of the Platform.
For Google Analytics, please visit https://www.google.com/analytics
Treatment and Use of Health Information and Personal Information
The Platform provides Patients the ability to communicate with their Providers. Patients’ communications with such individuals through the Platform may include Health Information and personal information, which may be stored on the Platform as a result of your relationship with a Provider. Patients (and not Physera) are solely responsible for reviewing and approving any Providers before deciding whether to share their Health Information and personal information with such Providers.
Use and disclosure of Health Information that is Protected Health Information as defined by HIPAA is governed by the Notice of Privacy Practices below.
In using the Clinical Dashboard, Providers may provide us with data relating to their Patients. We use this data in accordance with the terms and conditions of the Clinical Dashboard Agreement, and the Notice of Privacy Practices provided below.
How We Use and Share Your Information
- Agents, Providers and Related Third Parties. We may engage other companies and individuals to perform certain business-related functions on our behalf, including service providers and affiliates of our customers. Examples of such business-related functions may include providing technical assistance, order fulfillment, customer service, and marketing assistance. These other companies will have access to the Information only as necessary to perform their functions and to the extent permitted by law. We may also share your Information with any of our parent companies, subsidiaries, or other companies under common control with us.
- Aggregated Information. In an ongoing effort to better understand users of the Platform, we may analyze the Information in aggregate form in order to operate, maintain, manage, and improve the Platform and the Services. This aggregate information does not identify you personally. We may use this aggregate information for marketing purposes. We may share aggregate information between Users who are performing similar exercises and/or undergoing similar therapy. We may share this aggregate information with our affiliates, agents, business and business partners, and other third parties. We may also disclose aggregated user statistics in order to describe the Platform and these products and services to current and prospective business partners and to other third parties for other lawful purposes.
- Business Transfers. As we develop our businesses, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event, the Information may be part of the transferred assets.
- Legal Requirements. To the extent permitted by law, we may also disclose the Information: (i) when required by law, court order, or other government or law enforcement authority or regulatory agency; or (ii) whenever we believe that disclosing such Information is necessary or advisable, for example, to protect the rights, property, or safety of Physera or others.
Accessing and Modifying Personal Information and Communication Preferences
If you have signed-up to use the Services, you may access, review, and make changes to your personal information by following the instructions found on the Platform. In addition, you may manage your receipt of marketing and non-transactional communications by clicking on the "unsubscribe" link located on the bottom of any Physera marketing email. Users and Providers cannot opt out of receiving transactional e-mails related to their account. We will use commercially reasonable efforts to process such requests in a timely manner. Please note that we are not responsible for updating or removing any information contained in Providers’ networks’ lists or databases.
How We Protect the Information
We take commercially reasonable steps to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information that you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Platform may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.
2443 Fillmore St #380-8130
San Francisco, CA 94115
In addition, Physera does not monitor, recognize, or honor any opt-out or do not track mechanisms, including general web browser "Do Not Track" settings and/or signals.
Important Notice to Non-U.S. Residents
The Website may contain links to third-party websites (“External Sites”). We do not endorse such External Sites and we are not responsible for the privacy practices of such External Sites. Please refer to the privacy policies of those External Sites for more information on how the operators of those sites collect and use your personal information.
How to Contact Us
2443 Fillmore St #380-8130
San Francisco, CA 94115
2. NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN OBTAIN ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices addresses the legal duties and privacy practices of Physera Physical Therapy Group, PC ("PPTG," "we," "us," or "our") regarding the protected health information (“PHI”) of individuals that receive physical therapy treatment from our healthcare providers or use the mobile application provided by Physera, Inc. to communicate with providers regarding treatment (“Patients", "you,” or “your”), and their rights under the Health Insurance Portability and Accountability Act, as amended (“HIPAA”). Terms used herein that are defined under HIPAA shall have the same meaning set forth in HIPAA.
I. Uses and Disclosures of PHI.
PHI is information about a Patient, including demographic information, that may identify the Patient and is related to the Patient’s past, present or future physical or mental health or condition and related health care services. There are circumstances where we are not required to receive Patient’s written authorization to use or disclose Patient PHI, outlined in Section (A) below, and Section (B) provides circumstances when Patient written authorization is required to use or disclose the Patient’s PHI.
A. Patients’ Prior Written Authorization Not Required.
- Business Associates. There are some services provided by us through contracts with HIPAA business associates. When these services are contracted for, we may disclose our Patients’ PHI to our business associates so that they can perform the job we have asked them to do and bill the applicable Patient or your third-party payor for services rendered. To protect our Patients’ PHI, we require the business associate to appropriately safeguard the PHI and sign a business associate agreement with us.
- Treatment. We are permitted to use and disclose our Patients’ PHI in connection with their medical treatment, such as sharing the PHI with other professionals who are treating our Patients, including doctors, nurses, technicians, medical students, or hospital personnel involved in your care. For example, we might disclose information about your overall health condition with physicians who are treating you for a specific injury or condition. In doing so, we are to use our professional judgment and experience with common practice in determining what is in the Patient’s best interest.
- Payment. If a Patient is covered by a health benefit plan, we are entitled to send PHI to the plan or to another business entity involved in our billing system describing the medication or health care equipment we have dispensed so that we can receive payment.
- Health Care Operations. In addition, we can provide PHI for health care operations such as evaluations of the quality of our Patients’ health care in order to improve the success of treatment programs. Other examples include reviews of health care professionals, insurance premium rating, legal and auditing functions, and business planning and management.
Additional Disclosures of Our Patient’s PHI Without Written Authorization are Permitted under the Following Circumstances:
- When requires by law to do so, such as reporting Patients’ health information to state, federal, or local law enforcement officials, court officials, or government agencies, such as the FDA.
- When ordered by authorized public health officials for the purpose of carrying out public health activities, such as to report product problems, or exposure to a communicable disease.
- When the use/disclosure relates to victims of abuse, neglect or domestic violence.
- When the use/disclosure is for health oversight activities, such as by written request of a state/federal government agency performing management audits, financial audits, and program monitoring.
- When the use/disclosure is for judicial and administrative proceedings, such as in response to an order of a court.
- When the use/disclosure is to provide notification and reporting of an unsecured breach as required by law.
- When the use/disclosure is for law enforcement purposes, such as reporting certain types of wounds or injuries, or if there is a good faith belief the disclosure is necessary to prevent or lessen a serious, imminent threat to the safety of a person or the public.
- When the use/disclosure is related to death, such as disclosing a Patient’s health information to coroners, medical examiner and funeral directors so they can carry out their duties related to such Patient’s death.
- When the use/disclosure is related to cadaveric organ, eye, or tissue donation purposes.
- We may disclose information about our Patients for military activities, national security and intelligence activities, and for protective services to the President of the United States.
- We may disclose information about our Patients to a correctional institution having lawful custody of such Patients.
- We may disclose your health information as authorized by and to the extent necessary to comply with the laws related to workers’ compensation or other similar programs established by law.
- When the use/disclosure relates to certain research purposes. For example, in limited circumstances, we may disclose your information to researchers preparing a research protocol or if an institutional review board determines authorization is not necessary.
B. Patients’ Prior Written Authorization Required.
For purposes other than those mentioned above, we are required to ask for our Patients’ written authorizations before using or disclosing any of their PHI. If we request an authorization, any of our Patients may decline to agree, and if a Patient gives us an authorization, the Patient has the right to revoke the authorization at any time and by doing so, stop any future uses and disclosures of the Patient’s health information that the authorization covered. An example of a situation where the Patient’s prior authorization would be required would be if we wish to conduct a marketing program that would involve the use of PHI, or disclosures that constitute sale of PHI, explained in further detail below.
Marketing. We must obtain our Patients’ written authorization prior to using Patients’ PHI for purposes that are marketing under the HIPAA privacy rules. For example, we will not accept any payments from other organizations or individuals in exchange for making communications to our Patients about treatments, therapies, health care providers, settings of care, case management, care coordination, products, or services unless the Patient has given us his or her authorization to do so or the communication is permitted by law. We may communicate with Patients about a product that is currently prescribed so long as any payment we receive in relation to making the communication is reasonably related to the cost of making the communication. In addition, we may market to Patients in a face-to-face encounter and give Patients promotional gifts of nominal value without obtaining Patients’ written authorization.
Sale of Protected Health Information. We will not make any disclosure of PHI that is a sale of Protected Health Information without our Patients’ written authorization.
II. Patients’ Rights.
HIPAA (and associated regulations) provide our Patients with rights concerning their PHI. With limited exceptions (which are subject to review) each Patient has the right to the following:
- Patient’s Record. Each Patient has the right to access and copy the Patient’s PHI contained in a designated record set upon written request. The designated record set usually will include prescription and billing records. We may charge Patients a fee as authorized by law to fulfill such requests. Upon receiving a Patient’s request to access his or her PHI, we are required to respond to the Patient no later than thirty (30) days after the receipt of the request. We may deny the request to inspect and copy in certain limited circumstances. If a Patient is denied access to his or her PHI, the Patient may request that the denial be reviewed. Patients may request access to their health information in a certain electronic form and format, if readily producible, or, if not readily producible, in a mutually agreeable electronic form and format. Further, Patients may request in writing that we transmit such a copy to any person or entity they designate. The written, signed Patient request must clearly identify such designated person or entity and where we should send the copy. To inspect or copy PHI, Patients should email us at [email protected]hysera.com.
- Accounting for Disclosures. Each Patient can, upon written request, obtain a list of the disclosures of the Patient’s PHI by us that have occurred within the 6 years preceding the request, except for disclosures made for the purposes of treatment, payment or health care operations and certain others. We will provide Patients with an accounting no later than sixty (60) days after receipt of such request, with an option to extend for an additional thirty (30) days if we are unable to provide the accounting within the time required. There will be no charge for the first request in any twelve (12) month period, but we are entitled to charge a reasonable cost based fee for additional requests made in the same period of time. Patients should submit requests for an accounting of disclosures to [email protected].
- Amendments. Each Patient may ask to change the record of his or her own PHI upon written request explaining why the change should be made. We will review the request, but may decline to make the change if in our professional judgment we conclude that the record should not be changed. If we deny your request for amendment, you have the right to file a statement of disagreement with the decision and we give a rebuttal to your statement. We will respond to Patient requests no later than sixty (60) days after receipt of such request, with an option to extend for an additional thirty (30) days if we are unable to provide the accounting within the time required. Patients should submit requests for an amendment to [email protected].
- Confidential Communications. Upon written request, each Patient can ask us to communicate with him or her about their own PHI in a confidential manner such as by sending mail to an address other than the home address or using a particular telephone number. Patient requests must state how or where the Patient would like to be contacted. We will attempt to accommodate all reasonable requests, and will not request an explanation for the basis for the request. Patients should submit requests for confidential communication to [email protected].
- Special Restrictions. Upon written request, each Patient can ask us to adopt special restrictions that further limit our use and disclosure of the Patient’s PHI (except where use and disclosure are required of us by law or in emergency circumstances). You may also request that any part of your PHI not be disclosed to family members or friends who may be involved in your care or for your notification purposes. We will consider the request, but in accordance with HIPAA we are not required to agree to with the request. Patients also have to right to request restriction with regards to disclosure of health information to a Patient’s health insurance company if: (1) the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law; and (2) the health information pertains solely to a health care item or service for which we have been paid in full (other than by your health insurance company). We will accommodate such a request, except where we are required by law to make a disclosure. If we agree to your requested restriction, we will comply with your request unless the information is needed to provide you emergency treatment. Patients should submit requests for restriction to [email protected].
- Revoking Authorization. If a Patient has signed an authorization to disclose information, the Patient can later revoke that authorization, in writing, to stop future uses and disclosures. Revocation will not apply to disclosures or uses already made or taken in reliance on the authorization. Patients should submit revocations to [email protected].
- Complaints. If a Patient believes that we have violated the Patient’s rights as to the Patient’s PHI under HIPAA or if a Patient disagrees with a decision we made about access to the Patient’s PHI, the Patient has the right to file a written complaint with our Contact Person listed below. Our Contact Person is required to investigate, and if possible, to resolve each such complaint, and to advise the Patient accordingly. The Patient also has the right to send a written complaint to the U.S. Department of Health and Human Services at the address listed below. Under no circumstances will we permit any retaliation against any Patient for filing a complaint.
200 Independence Avenue, S.W.
Washington, D.C. 20201
We are required by law to protect the privacy of our Patients’ PHI, to provide this notice about our privacy practices, and follow the privacy practices that are described in this notice. We reserve the right to make changes in our privacy practices that will apply to all PHI that we maintain. If or when we change our notice, we will post the new notice on our website.
Contact Information:Physera, Inc.
2443 Fillmore St #380-8130
San Francisco, CA 94115
Copyright 2019 Physera, Inc. and Physera Physical Therapy Group, PC. All rights reserved.